Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Endpoint_security
(Stormshield)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-08 | CVE-2022-4304 | A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master... | Openssl, Endpoint_security, Sslvpn, Stormshield_network_security | 5.9 | ||
| 2023-05-30 | CVE-2023-23561 | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. | Endpoint_security | 5.5 | ||
| 2023-05-31 | CVE-2023-23562 | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. | Endpoint_security | 4.3 | ||
| 2021-07-13 | CVE-2021-31225 | SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | Endpoint_security | 7.3 | ||
| 2021-07-13 | CVE-2021-31220 | SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. | Endpoint_security | 5.2 | ||
| 2021-07-13 | CVE-2021-31221 | SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. | Endpoint_security | 5.7 | ||
| 2021-07-13 | CVE-2021-31222 | SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. | Endpoint_security | 5.7 | ||
| 2021-07-13 | CVE-2021-31223 | SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. | Endpoint_security | 5.7 | ||
| 2021-07-13 | CVE-2021-31224 | SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies. | Endpoint_security | 3.5 | ||
| 2021-07-13 | CVE-2021-35957 | Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones. | Endpoint_security | 6.7 |